openvpn-auth-pam-plugin-2.2.1-18.4.1 RPM for x86_64

From OpenSuSE 12.1 updates for x86_64

The OpenVPN auth-pam plugin implements username/password authentication
via PAM, and essentially allows any authentication method supported by
PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with
OpenVPN.

While PAM supports username/password authentication, this can be
combined with X509 certificates to provide two indepedent levels of
authentication.

This plugin uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.



Authors:
--------
    James Yonan <jim@yonan.net>

Provides

• openvpn-auth-pam-plugin
• openvpn-auth-pam.so()(64bit)
• openvpn-auth-pam-plugin(x86-64)

Requires

• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit) =
• openvpn < 2.2.1
• rpmlib(CompressedFileNames) >= 3.0.4-1
• rpmlib(PayloadFilesHavePrefix)
• rpmlib(PayloadIsLzma) = 4.4.6-1

License

GPL-2.0+ ; LGPL-2.1+

Changelog

* Wed Oct 17 2012 mt@suse.com
  - Fixed openvpn init script to not map reopen to reload so the
    reopen code is without any effect (bnc#781106).
  - Added requested OPENVPN_AUTOSTART variable allowing to provide
    an optional list of config names started by default (bnc#692440).
* Mon Aug 29 2011 mt@suse.com
  - Marked /var/run/openvpn as ghost (bnc#710270), man page and
    other rpmlint warning fixes
* Tue Aug 23 2011 crrodriguez@opensuse.org
  - BuildRequires libselinux-devel
  - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
    upstream as https://community.openvpn.net/openvpn/ticket/157
* Mon Aug 22 2011 fcrozat@novell.com
  - Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
    support systemd password query (bnc#675406)
* Mon Jul 11 2011 mt@suse.de
  - Updated to openvpn-2.2.1, a new version series providing several
    new features. This version fixes build issues and provides
    updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125),
  - Adopted spec file, enabled saving password in a file and to
    specify an alternative username in x509 cert.
  - Removed X-Interactive from init script again, as systemd isn't
    able to use it correctly [any more?] (bnc#675406). We will
    address it later and probably use /bin/systemd-ask-password.
* Tue Mar 15 2011 crrodriguez@opensuse.org
  - KVPNC is unable to parse openvpn version [bnc#679153]
* Thu Feb 17 2011 mt@suse.de
  - Added X-Interactive: true LSB tag to the init script.
* Tue Nov 16 2010 mt@suse.de
  - Updated to openvpn 2.1.4, providing several bug fixes and
    improvements, such as:
    * Fix of a problem with special case route targets
    * Try to ensure, that the tun/tap interface gets closed on
      non-graceful aborts.
    * Several AUTH_FAILED reporting fixes causing the connection
      to fail without any error indication.
    * Enable exponential backoff in reliability layer retransmits.
    * Proxy improvements
    Please review the ChangeLog file for a complete and exact list.
* Wed Sep 08 2010 cristian.rodriguez@opensuse.org
  - Do not include build date in binaries
* Tue Jun 15 2010 mt@suse.de
  - Improved netconfig based client up and down sample scripts.
* Fri Jun 11 2010 anschneider@exsuse.de
  - Added netconfig based client up and down scripts to samples.
* Thu Mar 11 2010 mt@suse.de
  - Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
    * Fixed a couple issues in sample plugins auth-pam.c and
      down-root.c.
      (1) Fail gracefully rather than segfault if calloc returns NULL.
      (2) The openvpn_plugin_abort_v1 function can potentially be
      called with handle == NULL.  Add code to detect this case,
    and if so, avoid dereferencing pointers derived from handle
    (Thanks to David Sommerseth for finding this bug).
    * Documented "multihome" option in the man page.
    * Added a hard failure when peer provides a certificate chain
      with depth > 16.  Previously, a warning was issued.
    * Added additional session renegotiation hardening. OpenVPN has
      always required that mid-session renegotiations build up a new
      SSL/TLS session from scratch. While the client certificate
      common name is already locked against changes in mid-session
      TLS renegotiations, we now extend this locking to the
      auth-user-pass username as well as all certificate content in
      the full client certificate chain.
  - Improved openvpn init script adding messages giving a hint about
    pid write failure and to look into the log messages (bnc#559041).
  - Added -fno-strict-aliasing to compile flags in the spec file.
* Thu Dec 17 2009 mt@suse.de
  - Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
    option handling provided by the from server (bnc#552440).
    For complete list of changes, see ChangeLog file, here just
    the IMO most important:
    * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
      the redirect-gateway option by itself, without any extra
      parameters, would cause the option to be ignored.
    * Optimized PUSH_REQUEST handshake sequence to shave several
      seconds off of a typical client connection initiation.
    * The maximum number of "route" directives (specified in the
      config file or pulled from a server) can now be configured
      via the new "max-routes" directive.
    * Eliminated the limitation on the number of options that can
      be pushed to clients, including routes. Previously, all
      pushed options needed to fit within a 1024 byte options
      string.
    * Added --server-poll-timeout option : when polling possible
      remote servers to connect to in a round-robin fashion,
      spend no more than n seconds waiting for a response before
      trying the next server.
    * Added the ability for the server to provide a custom reason
      string when an AUTH_FAILED message is returned to the client.
      This string can be set by the server-side managment interface
      and read by the client-side management interface.
    * client-kill management interface command, when issued on server,
      will now send a RESTART message to client. This feature is
      intended to make UDP clients respond the same as TCP clients
      in the case where the server issues a RESTART message in order
      to force the client to reconnect and pull a new options/route
      list.
* Fri Oct 02 2009 mt@suse.de
  - Added network-remotefs to init script dependencies (bnc#522279).
* Wed Jun 10 2009 mt@suse.de
  - Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
  - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
  - Adopted spec file and patches, improved init script.
  - Disabled installation of easy-rsa for Windows.

Files

/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat May 25 03:09:15 2013